openspec-apply-change

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it reads and acts upon untrusted data from context files (proposals, specs, design, tasks) and CLI outputs to perform code modifications.
      • Ingestion points: Data enters via local files specified in the contextFiles field of the openspec instructions JSON output.
      • Boundary markers: No explicit delimiters or instructions are used to distinguish external task descriptions from the system's internal implementation instructions.
      • Capability inventory: The skill has permissions to read and write local files and execute the openspec CLI tool.
      • Sanitization: Content from the context files is used for implementation guidance without evident sanitization or safety filtering.
  • [COMMAND_EXECUTION]: The skill utilizes the openspec CLI for project management operations. Commands such as openspec list, openspec status, and openspec instructions are used to drive the implementation loop, which is consistent with the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 03:54 AM